Bug 7795 - High NFS traffic Oops
Summary: High NFS traffic Oops
Status: CLOSED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: NFS (show other bugs)
Hardware: i386 Linux
: P2 high
Assignee: Neil Brown
URL:
Keywords:
: 7796 7798 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-01-09 04:48 UTC by Horst H. von Brand
Modified: 2007-02-26 11:09 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.20-rc4
Subsystem:
Regression: ---
Bisected commit-id:


Attachments
Possible patch to fix problem (1.92 KB, patch)
2007-01-09 21:21 UTC, Neil Brown
Details | Diff

Description Horst H. von Brand 2007-01-09 04:48:00 UTC
Most recent kernel where this bug did *NOT* occur:
Don't know, I just found a report for 2.6.19.1 with the same symptoms, no older
ones have shown up (but I didn't compile much stuff before this way, so...).
There it generated a string of 8 or so Oopses (reported separately).

Distribution: Aurora Corona
Hardware Environment: SPARC Station Ultra 1
Software Environment: gcc-4.1.1-30.1, binutils-2.17.50.0.3-6.sparc,
nfs-utils-1.0.9-8.al3
Problem Description: 
Trying to compile a package on an x86_64 (Fedora rawhide, fully up to date)
which automounts my account from the SPARC produces an Oops (attached), and nfsd
hangs. "service nfs status" reports that nfsd is dead, trying "service nfs
start" complains that the port is in use.

Steps to reproduce:

Oops report:
Jan  8 18:50:02 pincoya kernel: Unable to handle kernel NULL pointer dereference
Jan  8 18:50:02 pincoya kernel: tsk->{mm,active_mm}->context = 0000000000000901
Jan  8 18:50:02 pincoya kernel: tsk->{mm,active_mm}->pgd = fffff800378ee000
Jan  8 18:50:02 pincoya kernel:               \|/ ____ \|/
Jan  8 18:50:02 pincoya kernel:               "@'/ .. \`@"
Jan  8 18:50:02 pincoya kernel:               /_| \__/ |_\
Jan  8 18:50:02 pincoya kernel:                  \__U_/
Jan  8 18:50:02 pincoya kernel: nfsd(2605): Oops [#8]
Jan  8 18:50:02 pincoya kernel: TSTATE: 0000004480009604 TPC: 0000000000474304
TNPC: 0000000000474308 Y: 00000000    Not tainted
Jan  8 18:50:02 pincoya kernel: TPC: <put_page+0xc/0xf4>
Jan  8 18:50:02 pincoya kernel: g0: 0000000000000000 g1: 000000000000000c g2:
0000000000004000 g3: 000000000000f000
Jan  8 18:50:02 pincoya kernel: g4: fffff800344eb020 g5: 00000000006f7961 g6:
fffff80034518000 g7: 000000000000000c
Jan  8 18:50:02 pincoya kernel: o0: 0000000000000001 o1: 0000000000000001 o2:
000000000046c8ac o3: 0000000000000002
Jan  8 18:50:02 pincoya kernel: o4: 0000000000000001 o5: 000000000046c86c sp:
fffff8003451ae51 ret_pc: 00000000005e3b08
Jan  8 18:50:02 pincoya kernel: RPC: <_read_unlock_irq+0x28/0x48>
Jan  8 18:50:02 pincoya kernel: l0: fffff80003627c68 l1: 0000000000000000 l2:
fffff800000002c0 l3: 00000000004f21d4
Jan  8 18:50:03 pincoya kernel: l4: 0000000000000150 l5: fffff80034516000 l6:
00000000101d4c98 l7: 0000000000000018
Jan  8 18:50:03 pincoya kernel: i0: 0000000000000000 i1: fffff800001f2618 i2:
000000000000002a i3: 0000000000000009
Jan  8 18:50:03 pincoya kernel: i4: fffff8003451b8a0 i5: fffff800366fea68 i6:
fffff8003451af11 i7: 00000000101b0774
Jan  8 18:50:03 pincoya kernel: I7: <nfsd_read_actor+0xbc/0xf8 [nfsd]>
Jan  8 18:50:03 pincoya kernel: Caller[00000000101b0774]:
nfsd_read_actor+0xbc/0xf8 [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[000000000046d230]:
do_generic_mapping_read+0x15c/0x444
Jan  8 18:50:03 pincoya kernel: Caller[000000000046d554]:
generic_file_sendfile+0x3c/0x50
Jan  8 18:50:03 pincoya kernel: Caller[00000000101ae674]:
nfsd_vfs_read+0x29c/0x3cc [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[00000000101aec38]: nfsd_read+0x9c/0xb0 [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[00000000101b5f88]:
nfsd3_proc_read+0xd8/0x114 [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[00000000101aa2ec]:
nfsd_dispatch+0xdc/0x1f0 [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[00000000100e2e54]:
svc_process+0x448/0x74c [sunrpc]
Jan  8 18:50:03 pincoya kernel: Caller[00000000101aaa1c]: nfsd+0x19c/0x31c [nfsd]
Jan  8 18:50:03 pincoya kernel: Caller[000000000041797c]: kernel_thread+0x38/0x48
Jan  8 18:50:03 pincoya kernel: Caller[00000000100e249c]:
__svc_create_thread+0x144/0x178 [sunrpc]
Jan  8 18:50:03 pincoya kernel: Instruction DUMP: 81cfe008  01000000  9de3bf40
<c25e0000> 05000010  90100018  82084002  02c84006  92062008
Comment 1 Trond Myklebust 2007-01-09 07:45:05 UTC
Not an NFS client issue. Reassigning to Neil Brown.
Comment 2 Trond Myklebust 2007-01-09 08:51:49 UTC
*** Bug 7798 has been marked as a duplicate of this bug. ***
Comment 3 Neil Brown 2007-01-09 21:21:10 UTC
Created attachment 10043 [details]
Possible patch to fix problem

Thanks for the report.	It looks like we are falling off the end of an
array when we received a maximum-sized read request that is not page-aligned.

Please try this patch and report the result.
Comment 4 Neil Brown 2007-01-09 21:21:59 UTC
Setting to "NEEDINFO".
Comment 5 Horst H. von Brand 2007-01-11 05:35:06 UTC
Just tried, your patch on 2.6.20-rc4 made the build of a package go through. It
looks fixed.

Will you queue this for 2.6.19.3?
Comment 6 Neil Brown 2007-01-11 13:53:38 UTC
On Thursday January 11, bugme-daemon@bugzilla.kernel.org wrote:
> Just tried, your patch on 2.6.20-rc4 made the build of a package go through. It
> looks fixed.

Thanks for testing.
> 
> Will you queue this for 2.6.19.3?

Hopefully.  I have to send of a bunch of patches today for 2.6.20
and some of then should go to -stable too.

NeilBrown

Comment 7 Horst H. von Brand 2007-01-24 07:45:51 UTC
This patch isn't in 2.6.20-rc5 as of today (20070124). Will it be in 2.6.19.3?
Comment 8 Daniel Drake 2007-01-29 07:58:47 UTC
This is now in Linus' tree
Comment 9 Adrian Bunk 2007-02-26 11:09:55 UTC
*** Bug 7796 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.